Pros

Good scores from independent labs.
Very good score in our hands-on malware-blocking test.
Behavior-based DeepGuard didn't flag valid programs in testing.
Fast scan in testing.
Improved handling of malware found by scan.
Supports both Windows and Mac OS.

Cons

No antiphishing or malicious URL blocking.
Some awkwardness in the user interface.

Bottom Line

F-Secure Anti-Virus 2016 sticks to the business of malware protection.
It does a good job, and you can install it on both Windows and Mac OS devices.

Nov. 10, 2016Neil J. Rubenking

Some antivirus vendors pack so many extras into their basic antivirus software that it almost seems like a suite. Firewall, spam filter, VPN—you name it. That's not how F-Secure rolls. F-Secure Anti-Virus (2017) focuses solely on the central task of defending your system against all sorts of malware. It doesn't even try to steer your browser away from dangerous or fraudulent websites. That's fine, because the core components work well, and its DeepGuard behavior-based detection system is more powerful than ever.

Just under $40 seems to be the sweet spot for antivirus pricing. Editors' Choice products Bitdefender, Kaspersky, Norton, and Webroot all go for that price, as do a dozen others. F-Secure also costs $39.99 per year, but that subscription lets you install it on three PCs. It's a good deal.

F-Secure's minimalist main window boasts plenty of white space. A pair of blue buttons serves to launch a scan or open the settings dialog. A few lines in the middle confirm that your antivirus protection is enabled and that it's up to date. If anything is wrong, a green check mark icon changes to a red X, and a pop-up notification offers to fix the problem. It's a simple, pleasant layout.

Over the past few years, F-Secure's designers have been working hard to streamline the interface, making it as easy as possible to use. It seems to have worked, as they've managed to get rid of the few gripes I had about the UI the last time I reviewed the app.

Scan Choices

Clicking the Virus Scan button on the main window launches what many other products would call a Quick Scan. This just looks at system areas that malware typically affects, and only takes a minute or two. The F-Secure installer runs a cleanup scan early in the process, to eliminate any active malware that might interfere with installation.

I'd advise running a full scan of all the files on your system after you install the software. To do so, you open the Tools page and pull down the Virus scan options menu. On my standard clean test system, the full scan finished in 11 minutes, way faster than the current average of 47 minutes. ESET's NOD32 antivirus was also fast, but not that fast—it took 20 minutes.

During that first scan, F-Secure performs some optimization tasks that help speed subsequent scans. A second scan on my clean test system finished in just six minutes. Other products speed up more dramatically. For example, a second scan with ESET NOD32 Antivirus 10 finished in 30 seconds.

Decent Lab Test Results

Three of the five independent antivirus labs that I follow include F-Secure in their regular testing. Its lab scores are good, but not as outstanding as those of Bitdefender Antivirus Plus 2017 or Kaspersky.

There are four possible ratings in the tests performed by AV-Comparatives. A product that passes the test gets a Standard rating; one that fails is simply marked Tested. Doing more than the minimum needed to pass gets an Advanced rating, or even Advanced+, the top rating. Out of the five specific tests that I track, F-Secure earned four Advanced ratings and one Advanced+. Bitdefender and Kaspersky rated Advanced+ in all five tests. Avira only participated in four of the tests, but it got Advanced+ in all four.

In the important Protection component of the three-part test by AV-Test Institute, F-Secure earned six of six available points. However, it only got five points for Performance, meaning it slowed the test system a bit. And five points for Usability means it exhibited some false positives, valid files or URLs flagged as dangerous. A total score of 16 is decent, but Bitdefender, Kaspersky, and Trend Micro all earned a perfect 18 points.

The researchers at MRG-Effitas report results a bit differently from the rest. In their banking Trojans test, anything other than 100 percent success represents failure. The comprehensive All-Malware-Types test can result in two types of success. Perfectly blocking every single sample earns Level 1 certification—Kaspersky is the only product that reached this level. Eliminating all traces of any malware within 24 hours gets Level two. Anything else is failure. Along with most other products, F-Secure failed the banking Trojans test. The comprehensive test didn't include F-Secure.

Aggregating the available scores using an algorithm of my own design, I came up with 8.3 of 10 possible points for F-Secure. Quite a few others have done better. Kaspersky Anti-Virus's aggregate score is a perfect 10, and Norton managed 9.7.

DeepGuard to the Rescue

F-Secure's layers of protection include signature-based detection, naturally. But an antivirus with no other means of detecting malware would be vulnerable to every brand-new threat, right up to the point where analysts develop a signature for that threat. F-Secure's answer to zero-day, never-before-seen threats is the DeepGuard behavior-based detection system.

F-Secure's online database identifies known good files, and the real-time antivirus wipes out known bad files. DeepGuard kicks in for processes that don't fit either category—unknowns. Much like the similar component in Webroot SecureAnywhere AntiVirus, it watches unknown processes and smacks down those that exhibit a pattern of malicious behavior.

When I opened the folder containing my malware samples, F-Secure's real-time protection identified and eliminated 71 percent of them. In some cases, it flagged items as potentially unwanted, and asked what I'd like to do with them. I always chose Quarantine.

DeepGuard showed its value when I started launching the remaining 29 percent of the samples. The basic real-time antivirus blocked a couple at launch, and all the rest succumbed to DeepGuard's analysis of their behavior. Like Webroot, it detected 100 percent of the samples, either on sight or just after launch. Webroot earned a perfect 10 points, but F-Secure's 9.8 points is also quite impressive. It's a hair better than Norton or Trend Micro Antivirus+ Security scored in this test.

As noted, F-Secure's standalone antivirus doesn't include phishing protection or blocking of malicious URLs. However, my malicious URL blocking test gives equal credit for blocking the URL and for wiping out the downloaded malware, so I ran the full test. F-Secure quarantined 78 percent of the downloads, which is above the current average of 71 percent. The winner in this test is Norton, with 98 percent protection, followed by Avira Antivirus Pro, with 95 percent.

Deeper With DeepGuard

A whitepaper supplied by F-Secure explained that DeepGuard functions as a Host Intrusion Prevention System, or HIPS. It keeps an eye on programs like Flash and Java that are frequent targets of exploit attacks. It also monitors document types frequently used in targeted attacks.

Hoping to see this facet of DeepGuard in action, I hit the test system with 30 exploits generated by the CORE Impact penetration tool. None of them penetrated security, as the test system is fully patched. The real-time antivirus kicked in to eliminate the malware payload for 40 percent of the samples, but I didn't see any activity by DeepGuard.

It turns out that's perfectly reasonable. DeepGuard watches for malicious behaviors. When an exploit hits a program that's been patched to fix the corresponding vulnerability, it can't do anything. There's no behavior, therefore no behavior-based detection.

The very best HIPS components block exploit attacks by examining network traffic and simply refusing to connect with the exploit attack. Symantec Norton AntiVirus Basic is an example; it blocked two-thirds of the exploits in this test without letting any of them drop a malware payload.

DeepGuard also aims to protect against any ransomware that the conventional antivirus components miss. To check this, I turned off real-time protection and launched a virulent ransomware sample. DeepGuard caught it, for sure, identifying it as a harmful application.

You can configure DeepGuard to warn you when an unknown program attempts Internet access. If it's something you want to use, perhaps an edgy new browser, you simply tell DeepGuard to trust the program. It's a little bit like the program control component of an old-school personal firewall. I don't imagine many users turn on this feature.

Tiny Bonuses

Last year's edition of this product included a link to install a free, feature-limited version of F-Secure's system booster tool. This time around, a link at the bottom of the main window takes you to a page where you can install the free version of the F-Secure Key password manager. It's not my top pick for password management. Furthermore, unless you pay for the Premium edition, you can't use it to sync passwords across devices.

Another link at the bottom of the window launches F-Secure Search, a search portal powered by Google, with the added benefit of color-coded icons flagging each search result's reputation. Like Norton, McAfee, and many others, it uses red, yellow, and green icons to indicate dangerous, iffy, and safe links, with a gray icon meaning that the site hasn't been analysed.

As you can see in the legend that appears on every results page, F-Secure goes a bit beyond, with a blue icon for allowed sites and a different red icon for denied sites. These are meaningful only for installations that are managed by the cross-platform F-Secure Safe suite. In that situation, an administrator can ban sites that would normally be permitted, or lift the ban on sites that would normally be blocked as dangerous.

Focused on Malware Protection

F-Secure Anti-Virus focuses all of its abilities on the main task, rooting out any entrenched malware and preventing further infection, and it's quite effective at that task. In our hands-on test, it detected 100 percent of the malware samples, and its full scan runs faster than that of almost any competitor. Although it doesn't include the usual protection against malicious websites, it still did well in my malicious URL blocking test because its real-time protection wiped out more malware downloads than average.

The antivirus field is huge—I've reviewed almost four-dozen products. Out of that horde, I've identified five standout products as Editors' Choice for antivirus: Bitdefender Antivirus Plus, Kaspersky Anti-Virus, McAfee AntiVirus Plus, Symantec Norton AntiVirus Basic, and Webroot SecureAnywhere Antivirus. Each has its own strengths. Unless you specifically want a no-frills antivirus, you're better off choosing one of these.

More Inside PCMag.com

About the Author

Neil Rubenking served as vice president and president of the San Francisco PC User Group for three years when the IBM PC was brand new. He was present at the formation of the Association of Shareware Professionals, and served on its board of directors. In 1986, PC Magazine brought Neil on board to handle the torrent of Turbo Pascal tips submitted by readers. By 1990, he had become PC Magazine's technical editor, and a coast-to-coast telecommuter. His "User to User" column supplied readers with tips and solutions on using DOS and Windows, his technical columns clarified fine points in programming and operating systems, and his utility articles (over forty of ... See Full Bio